Response to: "Congressional source replies to RIAA's we-don't-want-to-hack denial" http://www.politechbot.com/p-02717.html ---------- Forwarded message ---------- Date: Thu, 1 Nov 2001 09:31:29 -0500 From: JCabreraat_private To: Declan McCullagh <declanat_private>, declanat_private Subject: RIAA Point by Point Rebuttal (1) "The RIAA does not assert that the language they provided staff would not have permitted this sort of conduct [hacking, planting viruses, destroying MP3 files, etc.]" RIAA RESPONSE: WRONG! The language we provided staff would NOT have permitted this sort of conduct: First, the language would have applied ONLY to actions that do no more than "impair the availability" of data, a program, or a computer. Section 1030 refers both to the "integrity" and "availability" of data, but the language addressed only "availability." Thus, if any action had the effect of deleting, altering or destroying data, a program or a computer (i.e. impacting "integrity") -- even unintentionally -- that would still be defined as "damage" under the Computer Fraud and Abuse Act and the copyright holder would have been subject to suit. Second, the initial language would only have protected "reasonable" measures. Actions (such as hacking or deleting files) that caused damage to a computer or data would generally not be considered "reasonable," would likewise subject the copyright holder to suit. Finally, the language provided NO immunity from criminal prosecution. Thus, any actions taken by a copyright holder to protect its works would be at risk of criminal liability, a substantial guarantee that any measures would be responsible. All of this confirms that the language was not to give copyright owners broader enforcement powers, but only to limit the availability of "strike suits" or nuisance suits that would preclude the use of reasonable technical measures. (2) "What they may have "meant" to do does not explain their "extremely irresponsible" (at best) drafting." RIAA RESPONSE: WRONG AGAIN. What we "meant" to do is reflected in the drafting. It's the "reading" of the language out of context that's irresponsible (3) "According to the RIAA, the drafting of the Senate bill was done "privately" and would have had "unintended effects" on the law. But what Hilary Rosen fails to note is that their solution ? offered in the vacuum of private negotiations ? would have done what EFF and other copyright scholars NOT on the RIAA payroll say it would have done: it wouldve [sic] created a license to hack. I suppose the RIAA position must be that private negotiations involving the RIAA cannot possibly result in similarly "unintended effects." RIAA RESPONSE: WRONG AGAIN, for the reasons described above. We recognize that a perfectly reasonable human being ? when shown this language without any context ? could think that it would allow any number of things, including hacking. But in fact, as described above, that is not the case. Anonymous ought to read the language carefully, in context as an amendment to an amendment to an existing statute (a very long and complex statute). It is clear that Anonymous has not done this, but feels free to make irresponsible comments about what the language means anyway. (4) "Perhaps the RIAA will tell us who they met with at DOJ about this amendment? Did they show their proposed language to anyone from the Executive Branch negotiating the bill? If so, whom? RIAA RESPONSE: Funny how Anonymous believes it's okay to be commenting without disclosing his or her identity, but wants everyone else to disclose their identities. Sorry. We do not believe it is appropriate or necessary to name the specific individuals with whom we have met regarding this legislation. Suffice it to say, however, that we brought the issue to the attention of officials at DOJ as soon as we discovered that the proposed language inadvertently would have prevented us from using technical measures to protect copyrighted works. We also raised this issue with the Senate staff working on the bill, as well as other industry groups before any proposal was sent. (5) "[RIAA claims that a copyright holder using any technical measures to protect its works could do so only at risk of criminal liability, a substantial guarantee that any such actions would be conducted responsibly.] This is simply false! . . . [The RIAA made two initial proposals.] Both proposals would have prohibited any civil cause of action for actions by a copyright owner for the "impairment of the availability of data. . . Yes the RIAA could still have been prosecuted ? which one must assume is how they are able to argue that their conduct resulting in damage would be "actionable." But no civil actions could have been brought! So victims could not have sued. Period. This is the sort of verbal parsing and misleading statement that the heads of the major record labels should instruct their staff at the RIAA to put a stop to once and for all." RIAA RESPONSE: WRONG. The proposals submitted by creators (to fix the unintentional effect the anti-terrorism bill would have had on antipiracy efforts) still would have allowed civil suits against creators on several new grounds. First, the proposals included a new "reasonableness" standard that would have permitted lawsuits against creators for the use of any technical measures deemed unreasonable. This new standard, when combined with the loosening of the damage requirement contained in the amendments proposed by the Department of Justice, would have provided greater flexibility to the judge or jury than the strictly monetary threshold that was previously in effect, and is the typical standard of almost all cases tried on a theory of negligence in this country. Second, both proposals maintained civil liability if the relevant work was not being put to an infringing use (as when a defendant is engaging in "fair use"). As such, content owners would have borne the risk of a lawsuit if it turned out that the use was not infringing Third, the limited civil exemption of both proposals applied only to technical measures that impaired the "availability of data, a program or system," and not to technical measures that affected the integrity of data. Thus, if any action taken to protect copyrights had the effect of deleting, altering or destroying data, a program or a computer (i.e. impacting "integrity") ? the very type of activity raised by Anonymous ? that would still be subject to civil liability under section 1030. (6) "Previously the definition of "damage" under the act required that there be $5,000 in damage or loss to a victim. Accordingly, absent some narrow exceptions, if a person hacked into a private network or computer and caused less than $5,000 in damage, he or she would not have broken the law. . .if you change the law to make it easier for the government to prosecute hackers by dropping the $5,000 threshold then you are also making it easier for victims of hackers to bring a private civil lawsuit. The RIAA's proposed solution ? above ? would have given them a complete carve out from the civil actions ? Not just acts [stet] those resulting in less than $5,000 in damage but any amount of damage so long as they were trying to stop "unauthorized" (note, not necessarily illegal) copying." RIAA RESPONSE: It is exactly because the bill changed the calculation of the threshold (as Anonymous points out), opening creators up to new lawsuits that could not have been brought previously, that a new solution was needed in order to preserve the intent of current law. This solution, which Anonymous once again glosses over, was the requirement of "reasonableness." In response to the new threshold requirements, the proposal recommended that any exemption must be denied if a court or jury finds the measures taken by the copyright owner to be unreasonable. Thus, the "complete carve out from civil actions" described above is simply wrong. (7) "Yes there were a myriad of organizations concerned about the effects of the change on current law, but the RIAA's proposed amendment was not supported by those groups, was it? Did eBay, the Net Coalition, SIAA support their draft. No. Not even AOL ? a member of RIAA ? was happy with the original amendment offered by Mr. Glazier. Yes, they all supported the final version ? the version that was worked out AFTER the RIAA was caught." RIAA RESPONSE: WRONG. The database producers mentioned by Anonymous had no objection to the original proposal. Different companies and industries bring differing concerns to the table. eBay's concerns had nothing to do with copyright, for example. Our point was not that other industry groups wanted to solve a copyright problem, but that multiple industry groups recognized that the Senate provision had inadvertent adverse effects ON THEM as well, unrelated to copyright, and needed to be fixed. And we mention that only to disprove the canard that we were attempting to take advantage of the anti-terrorism legislation. To the contrary, we were responding to a problem CAUSED by the anti-terrorism bill, just like the other industries did when they learned of it. This is our last posting on this issue. We've said our piece, here and lots of other places, a number of times. We've even responded to anonymous critics that don't have the courtesy (or the confidence in their criticism) to disclose their identities. The legislation has passed. People will think what they think. It's time to move on. ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. Declan McCullagh's photographs are at http://www.mccullagh.org/ To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Thu Nov 01 2001 - 07:51:58 PST